Research On Security Communication Mechanism For In-vehicle CAN Bus

Inside the vehicle,there are a variety of different bus systems,such as Controller Area Network(CAN),Local Interconnection Network,Flex Ray and so on,which constitute the underlying in-vehicle network structure.Through the bus connected Electronic Control Unit(ECU),the in-vehicle network provides the basic function of data transmission for the vehicle.Among them,CAN bus is widely used in the field of powertrain and body control because of its high transmission reliability,strong real-time communication and low price.With the rapid development of information technology,more and more electronic control units in the vehicle begin to connect to the network.However,the traditional CAN bus lacks protection mechanism,which greatly increases the possibility of in-vehicle nodes being invaded.Once the in-vehicle node is invaded by malicious attackers,attackers can control the braking,acceleration and other key procedures,bringing the vehicle passengers life danger.Therefore,data transmission in the vehicle needs to meet confidentiality and integrity.In addition,it is also necessary to consider the real-time and high efficiency of data transmission.How to meet these requirements while driving without changing the hardware structure of the existing vehicle has become an urgent problem to be solved.On the one hand,the existing in-vehicle secure communication mechanisms pay attention to protecting the integrity of in-vehicle data,but few consider both confidentiality and integrity,in addition to the performance of bus transmission.On the other hand,autonomous vehicles are gradually coming into the life of the public,while the existing in-vehicle security schemes have not taken into account the characteristics of autonomous vehicles and designed a security communication scheme for autonomous vehicles.In view of these problems,this dissertation studies two secure communication schemes in vehicles,and obtains the following research results:(1)Aiming at the problem that the existing security schemes cannot manage ECUs dynamically based on the credibility of ECUs,a dynamic management scheme of ECU group for in-vehicle CAN bus is proposed.The proposed scheme manages the ECUs on the bus in groups according to the security level of the ECUs,and uses a simple reputation mechanism to dynamically change groups according to the credit value of the ECUs while the vehicle is running.The group key is constructed through the Chinese Remainder Theorem.The security analysis and experimental results show that the proposed scheme can ensure the security and real time performance of data transmission.(2)Aiming at the problem that the existing in-vehicle secure schemes do not take into account the dual redundant environment of ECU and bus in autonomous vehicles,an in-vehicle message re-encryption scheme for the dual redundant environment of autonomous vehicles is proposed.When a single point of failure or network attack against an ECU occurs and it is necessary for the backup ECU to process the messages related to the failed ECU,this scheme can solve the problem of forwarding and processing such messages under encryption conditions,and ensure the confidentiality and integrity of the data based on the proxy re-encryption.The security analysis and performance analysis prove that the scheme is secure and efficient.